Commit 1004635

Add path query example to python data flow docs
1 parent 2930e79 commit 1004635

1 file changed

+40
-1
lines changed

docs/codeql/codeql-language-guides/analyzing-data-flow-in-python.rst

Lines changed: 40 additions & 1 deletion
@@ -354,11 +354,50 @@ This data flow configuration tracks data flow from environment variables to open
354354
select fileOpen, "This call to 'os.open' uses data from $@.",
355355
environment, "call to 'os.getenv'"
356356
357+
Path Query Example
358+
~~~~~~~~~~~~~~~~~~
359+
360+
Here is the first example above, converted into a path query:
361+
362+
.. code-block:: ql
363+
364+
/**
365+
* @kind path-problem
366+
* @problem.severity warning
367+
* @id file-system-access-from-remote-input
368+
*/
369+
370+
import python
371+
import semmle.python.dataflow.new.DataFlow
372+
import semmle.python.dataflow.new.TaintTracking
373+
import semmle.python.dataflow.new.RemoteFlowSources
374+
import semmle.python.Concepts
375+
376+
module RemoteToFileConfiguration implements DataFlow::ConfigSig {
377+
predicate isSource(DataFlow::Node source) {
378+
source instanceof RemoteFlowSource
379+
}
380+
381+
predicate isSink(DataFlow::Node sink) {
382+
sink = any(FileSystemAccess fa).getAPathArgument()
383+
}
384+
}
385+
386+
module RemoteToFileFlow = TaintTracking::Global<RemoteToFileConfiguration>;
387+
388+
import RemoteToFileFlow::PathGraph
389+
390+
from RemoteToFileFlow::PathNode input, RemoteToFileFlow::PathNode fileAccess
391+
where RemoteToFileFlow::flowPath(input, fileAccess)
392+
select fileAccess.getNode(), input, fileAccess, "This file access uses data from $@.",
393+
input, "user-controllable input."
394+
395+
For more information, see ":doc:`Creating path queries <creating-path-queries>`".
357396

358397
Further reading
359398
---------------
360399

361-
- `Exploring data flow with path queries <https://docs.github.com/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/exploring-data-flow-with-path-queries>`__ in the GitHub documentation.
400+
- `Creating path queries <https://codeql.github.com/docs/writing-codeql-queries/creating-path-queries/>`__ in the GitHub documentation.
362401

363402

364403
.. include:: ../reusables/python-further-reading.rst
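
Review bot: The alert message in the added select clause will render with a doubled full stop: the format string ends with "from $@." and the placeholder text "user-controllable input." carries its own period, whereas the existing example in the context lines passes "call to 'os.getenv'" with no trailing punctuation. Drop the period from the placeholder text. In the Further reading change, the new entry still says "in the GitHub documentation" although its URL now points at codeql.github.com rather than docs.github.com, and it repeats the :doc:`Creating path queries <creating-path-queries>` reference added a few lines earlier with an absolute URL; either keep the removed "Exploring data flow with path queries" link alongside it or reword the entry and use the :doc: role consistently. The sentence "Here is the first example above" should name the example it means, because the example directly preceding the new section is the os.getenv to os.open one, not a remote-input one. The new heading "Path Query Example" is in title case while "Further reading" in the same file uses sentence case.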
